OSCP Guide to pass

(Exabyt3) & ? todo

From the offensive-security.com website there are four main parts to the OSCP: learn foundational penetration testing skills, practice, take your first grueling exam and become an OSCP!

This is our guide to pass the OSCP.

  1. Learn an offensive or penetration tester methodology

    1. Planning

      1. What are your targets?

      2. What is your END goal?

      3. What can you prepare prior to engagement?

    2. Reconnaissance

      1. What can you learn about your target(s) prior to sending data?

      2. Sending data to the target, what services are running?

    3. Vulnerability detection or discovery

      1. What happens when you send malformed data?

      2. Are the exposed services unpatched?

    4. Exploitation

      1. What exploit can you leverage that will get you closer to your END goal?

    5. Report

      1. What did you discover during recon?

      2. What vulnerability did you discover?

      3. What/how did you exploit?

      4. Screenshots!

      5. Why was it exploitable and how do you fix?

      6. IMPORTANT! This is a cyclical process: go back to step 2 until your test is finished!

  2. Signing up for the OSCP course, you will be delivered videos and a PDF. Each one of the lines in the table of contents is a topic that you should go and research more. Understand why you are learning each line, and tie it back to the pentester methodology (how can you leverage this?). I'm lazy, and I'm sure there are better how-tos. Google search "github OSCP prep". Find someone who has broken out the topics with research links.

    1. Study the topics

    2. Map the topics back to methodology

    3. Practice the topics

  3. Practicing: VulnHub, OverTheWire and hackthebox.eu (HTB). Someone has created a picture (it is not ours); I just highlighted the more important ones :)

    1. Paying for the Offsec labs is not necessary to pass. However, the labs teach you lateral movement skills for the real world.

Exam day:

  1. Planning: what can you do prior to taking the exam?

    1. Review https://help.offensive-security.com/hc/en-us/articles/360040165632-OSCP-Exam-Guide

      1. "The OSCP certification exam simulates a live network in a private VPN, which contains a small number of vulnerable machines." Make scripts that can perform both recon and vulnerability detection on the machines while you test. Think about what you can do in the background while poking at a machine.

      2. Make a reporting plan: how are you going to take your 5 bullet-pointed notes and screenshots?

      3. Make a timeline of when you are going to take breaks. It is easy to get sucked in for 24 hours; trust me, you need sleep!

    2. Music! It's important; make certain you have music to pump you up. This test can be soul crushing :)

    3. Healthy, smart, not-so-sugary food. Don't crash and burn (Hackers reference).

    4. Have fun! If you fail, that's OK; don't quit. Understand where you need extra help, maybe it's Linux privesc. Work on HackTheBox or VulnHub boxes, get the skills and retake the exam.

Open book test = open scripts. Consider leveraging simple bash scripts that run in the background. (Check out https://notes.ubg-hacking.team/attacks/reconnaissance/c99-recon for ideas on combining these.)

#!/bin/bash
# Usage: ./script.sh targets.txt  (one host or IP per line)
# Variables are quoted and the sh -c wrapper dropped so that odd characters in the target list cannot break the command
while read -r i; do
	[ -n "$i" ] || continue
	mkdir -p "$i"
	dirb "http://$i/" -o "$i/dirb.$i" -w
done < "$1"

gobuster_scan.sh

#!/bin/bash
# Usage: ./gobuster_scan.sh targets.txt  (one host or IP per line)
while read -r i; do
	[ -n "$i" ] || continue
	mkdir -p "$i"
	gobuster dir -w /usr/share/wordlists/dirbuster/directory-list-2.3-small.txt -u "http://$i" -o "$i/gobuster.$i"
done < "$1"

nikto_scan.sh

#!/bin/bash
# Usage: ./nikto_scan.sh targets.txt  (one host or IP per line)
while read -r i; do
	[ -n "$i" ] || continue
	mkdir -p "$i"
	nikto -o "$i/nikto.$i" -Format txt -Tuning 9 -h "http://$i"
done < "$1"

nmap_scan.sh

#!/bin/bash
# Usage: ./nmap_scan.sh targets.txt  (one host or IP per line)
while read -r i; do
	[ -n "$i" ] || continue
	mkdir -p "$i"
	# output files are named after the host part only (anything after a "/" is dropped)
	nmap -sVC -p- --open -oA "$i/nmap.$(echo "$i" | cut -d "/" -f1)" "$i"
done < "$1"
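As an added example (not from the original page), here is one wrapper that combines the per-tool scripts above: it reads a target file, gives each host its own directory, launches nmap, nikto and gobuster in the background and waits for all of them. It assumes those tools are on PATH and that the wordlist path (overridable via WORDLIST) matches your box.

```shell
#!/bin/sh
# Added example (not from the original page): one wrapper that launches the
# recon tools shown above against every host in a target file, in the
# background, with one output directory per host. Assumes nmap, nikto and
# gobuster are on PATH; WORDLIST can be overridden in the environment.
WORDLIST="${WORDLIST:-/usr/share/wordlists/dirbuster/directory-list-2.3-small.txt}"

# Print the hosts from a target file, one per line: '#' comments and blank
# lines are skipped and surrounding whitespace is trimmed.
read_targets() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$1" | grep -v '^$'
}

# Output directory for a host: any "/..." suffix (CIDR, path) is dropped so
# that a line like 10.10.10.9/24 does not turn into a nested directory tree.
outdir_for() {
    printf '%s\n' "$1" | cut -d '/' -f1
}

# Start every scan for one host in the background. Each tool writes its own
# result file plus a .log of stdout/stderr, so a tool that fails is visible.
scan_host() {
    host="$1"
    dir=$(outdir_for "$host")
    mkdir -p "$dir"
    nmap -sVC -p- --open -oA "$dir/nmap.$dir" "$host" >"$dir/nmap.log" 2>&1 &
    nikto -h "http://$host" -Tuning 9 -Format txt -o "$dir/nikto.$dir" >"$dir/nikto.log" 2>&1 &
    gobuster dir -u "http://$host" -w "$WORDLIST" -o "$dir/gobuster.$dir" >"$dir/gobuster.log" 2>&1 &
}

main() {
    [ -r "$1" ] || { echo "usage: $0 targets.txt" >&2; return 1; }
    # A for loop (not a pipe into while) keeps the jobs children of this
    # shell, so the final wait really blocks until all of them are done.
    for host in $(read_targets "$1"); do
        scan_host "$host"
    done
    wait
    echo "all scans finished; see <host>/*.log for each tool's output"
}

# Run only when given a target file; sourcing the file (e.g. in a test) runs nothing.
if [ "$#" -gt 0 ]; then main "$@"; fi
```

Run it as `./oscp_recon.sh targets.txt` and keep poking at a box by hand while it works; `tail -f 10.10.10.5/nmap.log` shows progress for one host.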

Buffer overflow (BOF): consider building skeleton BOF scripts beforehand. A crude example is below.

#!/usr/bin/env python3
import socket

# Host and port are placeholders; point them at the service you are debugging
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect(("127.0.0.1", 31337))

# Overflow: let's send a pile of 0x41 ("A") bytes
bufz = b""
bufz += b"A" * 9000
bufz += b"\n"

# s.send: what are we piping through?
s.send(bufz)
print("Sent!")
s.close()

# Did the program crash? Can we find the instruction pointer? (more notes go here)
